Attacker mints $1 billion Polkadot tokens on Ethereum, ends up stealing just $250,000

A forged cross-chain message bypassed state proof validation on the bridge contract, granting admin control over the bridged DOT token and allowing the attacker to mint and dump the entire supply for $237,000.

What to know:

• An attacker exploited a vulnerability in Hyperbridge's Ethereum gateway contract to mint 1 billion bridged Polkadot tokens and dump them for about $237,000 in ether.
• The exploit, which did not affect Polkadot's core network or native DOT, abused a flawed cross-chain message validation path to seize admin control of the bridged token contract.
• The attacker’s profit was limited by shallow liquidity in the Ethereum DOT pool, but security firms warn that similar bridge flaws on deeper pools or higher-value assets could lead to far larger losses.

Crypto hacks are nothing new, but cases where attackers take big risks and walk away with peanuts aren't common. That rare scenario played out on Sunday.

An attacker exploited a vulnerability in Hyperbridge's cross-chain gateway that connects different blockchains, minting 1 billion Polkadot tokens ($1.19 billion) on Ethereum and dumping them for approximately $237,000 worth of ether.

The exploit adds to a growing list of bridge vulnerabilities in 2026. Last month saw a $270 million Drift Protocol drain on Solana, while a social engineering attack, rather than a code exploit, similarly involved compromised infrastructure.

The Sunday exploit targeted the bridge contract, not Polkadot's core network. Polkadot's native token DOT was unaffected. The vulnerability sat in how Hyperbridge's EthereumHost contract validates incoming cross-chain messages before passing them to the TokenGateway.

Bridges, which help move coins from one blockchain to another, remain the weakest link in cross-chain architecture because they hold admin-level control over token contracts on destination chains, meaning a single validation failure can grant an attacker the ability to mint unlimited supply.

Here's how attack unfolded

On-chain traces show that the attacker submitted a forged message via dispatchIncoming, which was routed to TokenGateway.onAccept.

The request receipts check, which should have verified the message against a valid cross-chain state commitment from Polkadot, stored an all-zeros commitment value, suggesting the proof validation was either absent or circumventable for this specific call path. The gateway processed the message as legitimate.

The accepted message executed changeAdmin on the bridged Polkadot token contract, transferring admin rights to the attacker's address. With admin control, the attacker minted 1 billion tokens in a single transaction and routed them through Odos Router V3 into a Uniswap V4 DOT-ETH pool, extracting roughly 108.2 ETH across what appears to be multiple swaps at slightly different prices.

Liquidity worked against the attacker

Weak liquidity/depth, or the market's ability to absorb large orders at stable prices, is usually a major issue for whales. But, in this case, it worked against the attacker, capping its profit.

The bridged DOT pool on Ethereum held limited depth, meaning 1 billion tokens overwhelmed the available liquidity and the attacker received a fraction of a cent per token.

On a deeper pool or a higher-value bridged asset, the same vulnerability would have produced significantly larger losses. DOT trades just under $1.20 as of Asian morning hours on Monday.

CertiK flagged the exploit, confirming the attack vector was the Hyperbridge gateway contract and that the attacker profited approximately $237,000 from minting and selling the bridged tokens.

Hyperbridge has not publicly commented on the exploit or disclosed whether other bridged token contracts using the same gateway are vulnerable to the same forged-message attack vector.

More For You

Most crypto privacy models weaken as blockchain data grows. Encryption-based models like Zcash strengthen. CoinDesk Research maps the five privacy approaches and examines the widening gap.

Why it matters:

As blockchain adoption scales, the metadata available to machine learning models scales with it. Obfuscation-based privacy approaches are structurally degrading as a result. This report provides a comprehensive comparison of all five major crypto privacy architectures and a framework for evaluating which models remain durable as AI capabilities improve.

More For You

The proposal directs 100% of application and product revenue back to AAVE token holders, resolving a governance dispute that began when swap fees were quietly redirected away from the DAO treasury in late 2025.

What to know:

• Aave governance approved the "Aave Will Win" proposal, redirecting 100% of revenue from all Aave-branded products to the DAO and consolidating economic rights under the AAVE token.
• The vote ends a months-long dispute over fee redirection and firmly establishes token holders, rather than Aave Labs, as the ultimate beneficiaries of...

Alameda moves $16 million in Solana's SOL token for possible creditor distribution

1 hour ago

Aave passes landmark vote ending months-long fight over protocol revenue control

1 hour ago

WLFI threatens legal action against Justin Sun after he accuses Trump-linked project of deceptive DeFi deals

2 hours ago

Bitcoin hits a wall – the chart just challenged the $88,000 bull case

2 hours ago

Strategy signals another bitcoin buy as company needs just 2% annual BTC growth to cover dividends

2 hours ago

CFTC Chair Mike Selig argues for agency's 'exclusive regulatory authority' in prediction markets fight: State of Crypto

14 hours ago

Super PAC tied to Tether makes first ad buy from firm founded by Tether's U.S. CEO

19 hours ago

Market makers are fleeing public blockchains to protect their secret trading playbooks

18 hours ago

Bitcoin analysts flag triggers for a massive surge to $88,000 even as war risks linger

18 hours ago

Trump token sees whale accumulation ahead of Mar-a-Lago gala; senators raise questions over event

21 hours ago

Federal judge blocks Arizona from bringing criminal charges against Kalshi

Apr 10, 2026

Trump-backed WLFI token drops 12% to record lows after team defends multi-million lending position

Apr 10, 2026